VMware Cloud Community
chavez243
Contributor

Need to syslog to remote

We've been having some issues with ESXi and it would be helpful to have the logs passed to another syslog server on the network. The changes have been made to point the ESXi host syslogs to a remote BSD machine running syslogd. tcpdump indicates the traffic on 514 is hitting the remote logging server but not getting into the logs.

Anyone logging to a remote syslogd successfully?

trojanjo
Enthusiast

Make sure your syslogd is set to receive remote syslog traffic. Most of the time it is disabled by default.

If you are logging other hosts to this BSD server successfully, make sure there is not some kind of filter dropping your ESX syslogs.

---- Visit my blog. http://www.2vcps.com
Follow me: http://twitter.com/jon_2vcps
chavez243
Contributor

Thx - checked all that.

Added syslogd_flags="-a addr.of.esxi.host" to /etc/rc.conf and restarted syslogd.

I have another BSD box similarly configured that is getting syslog traffic from our PIX, so I at least know it should work.

I might briefly redirect the syslog traffic to the other BSD box for testing, but I really want the logs going to this particular box.

chavez243
Contributor

Got it!

ESXi sends syslog messages on random upper-level ports, not 514. The flags required in rc.conf are therefore:

syslogd_flags="-a 111.222.333.444:*"

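The fix in the last post, as an added example (not part of the thread and not syslogd's own code): a simplified Python model of how the `-a ipaddr[/masklen][:service]` rule is documented in FreeBSD's syslogd(8) to match a datagram's source, showing why the rule without `:*` drops ESXi's messages. It assumes the BSD box is FreeBSD, handles IPv4 and numeric services only, and all addresses and ports below are constructed sample values.

```python
import ipaddress

SYSLOG_PORT = 514  # UDP port of the "syslog" service


def parse_allowed_peer(spec):
    """Parse 'ipaddr[/masklen][:service]' into (network, port); port None = any."""
    addr, _, service = spec.partition(":")
    if service in ("", "syslog"):
        port = SYSLOG_PORT   # default service: source port must be 514
    elif service == "*":
        port = None          # '*' accepts any source port
    else:
        port = int(service)  # numeric service only in this model
    if "/" not in addr:
        # No masklen given: historic classful mask (A=/8, B=/16, else /24)
        first = int(addr.split(".")[0])
        addr += "/8" if first < 128 else "/16" if first < 192 else "/24"
    return ipaddress.ip_network(addr, strict=False), port


def accepts(spec, src_ip, src_port):
    """True if a datagram from src_ip:src_port passes the -a rule."""
    network, port = parse_allowed_peer(spec)
    if ipaddress.ip_address(src_ip) not in network:
        return False
    return port is None or port == src_port


def audit(spec, datagrams):
    """Evaluate one rule against a list of (src_ip, src_port) pairs."""
    return [(ip, port, accepts(spec, ip, port)) for ip, port in datagrams]


# Constructed sample traffic; ESXI stands in for the real host address.
ESXI = "192.0.2.10"
DATAGRAMS = [
    (ESXI, 51234),           # ESXi host sending from an ephemeral port
    (ESXI, 514),             # same host, source port 514
    ("192.0.2.77", 40000),   # different host in the same /24
    ("198.51.100.5", 514),   # unrelated host
]

if __name__ == "__main__":
    for spec in (ESXI, ESXI + ":*", ESXI + "/32:*"):
        print(f'syslogd_flags="-a {spec}"')
        for ip, port, ok in audit(spec, DATAGRAMS):
            print(f"    {ip}:{port:<5} {'accepted' if ok else 'dropped'}")
```

Because `:*` removes the source-port check, writing the rule with an explicit `/32` keeps it limited to the single ESXi address instead of the classful range a bare address implies.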